Criminals steal $225m as ethereum ICOs surge

Here’s another reason to be leery of the initial coin offerings being done at a staggering pace in the cryptocurrency world: there’s a one-in-10 chance you’ll end up a victim of theft.

Phishing scams have helped push up criminal losses to about US$225m this year, according to Chainalysis, a New York-based firm that analyses transactions and provides anti-money laundering software. In such scams, investors are tricked into sending money to Internet addresses pretending to be funding sites for digital token offerings related to the ethereum blockchain technology.

More than 30 000 people have fallen prey to ethereum-related cybercrime, losing an average of $7 500 each, with ICOs amassing about $1.6bn in proceeds this year, Chainalysis estimates.

“It’s a huge amount of money to generate in such a short period of time,” said Jonathan Levin, co-founder of Chainalysis, whose software and database are used by some of the largest bitcoin companies and US law enforcement agencies. “The cryptocurrency phishers are doing pretty well against all the other types of criminals that are out there.”

Indeed, the huge amount of wealth that has fallen prey to cybercriminals is approaching the losses incurred by robberies in the US for the entire year of 2015, which stood at $390m, according to statistics released by the Federal Bureau of Investigation.

ICOs are digital token sales that typically raise ether, with users transferring the funds to addresses provided by start-ups. Investors, sometimes eager to get early access to new token offerings, have been tricked into providing their credentials to fake websites through targeted e-mail campaigns, Twitter posts and Slack messages, said Levin.

Fake websites

Ether rose 0.1% to $324.17 on Thursday, according to data from Coindesk, while bitcoin rose 0.2% to $4 201.

Most attacks involve creating websites or social media accounts that sound similar to the real ICO project. Levin gave the fictional example of a project named “illuminate”, which an imposter might fake by spelling it slightly differently. Using the fake account, they would solicit potential investors to send money to the criminal’s address.

His firm compiled the data by identifying so-called digital wallets used by scam artists. That information is usually public because criminals widely circulate it, hoping to fool investors into sending them money.

Other common forms of crime involve tapping into project loopholes. The DAO, or decentralised autonomous organisation, is a smart contract project built on top of ethereum that was intended to democratise how ethereum projects are funded. A bug in the system was exploited and that led to the theft of $55m worth of ether at the time.

Levin didn’t provide data for bitcoin-related cybercrime, and not because it is any safer. He said such data is harder to track as scams are usually specific attacks on individual holders, rather than ICO-related campaigns which try to dupe many people at once.

“The overall figures mean there is infrastructure that we need to build to help prevent people from getting abused,” said Levin. — Reported by Lulu Yilun Chen and Yuji Nakamura, (c) 2017 Bloomberg LP